sync further changes from uts/aslr
@@ -60,32 +60,41 @@
#include <vm/seg_vn.h>
int use_brk_lpg = 1;
int use_stk_lpg = 1;
+/*
+ * If set, we will not randomize mappings where the 'addr' argument is
+ * non-NULL and not an alignment.
+ */
+int aslr_respect_mmap_hint = 0;
+
static int brk_lpg(caddr_t nva);
static int grow_lpg(caddr_t sp);
intptr_t
brk(caddr_t nva)
{
int error;
proc_t *p = curproc;
/*
- * As a special case to aid the implementation of sbrk(3C), if given a
- * new brk of 0, return the current brk. We'll hide this in brk(3C).
- */
- if (nva == 0)
- return ((intptr_t)(p->p_brkbase + p->p_brksize));
-
- /*
* Serialize brk operations on an address space.
* This also serves as the lock protecting p_brksize
* and p_brkpageszc.
*/
as_rangelock(p->p_as);
+
+ /*
+ * As a special case to aid the implementation of sbrk(3C), if given a
+ * new brk of 0, return the current brk. We'll hide this in brk(3C).
+ */
+ if (nva == 0) {
+ as_rangeunlock(p->p_as);
+ return ((intptr_t)(p->p_brkbase + p->p_brksize));
+ }
+
if (use_brk_lpg && (p->p_flag & SAUTOLPG) != 0) {
error = brk_lpg(nva);
} else {
error = brk_internal(nva, p->p_brkpageszc);
}
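Review bot: The comment on `aslr_respect_mmap_hint` at the top of this hunk does not say what setting the tunable costs. Judging by how `RANDOMIZABLE_MAPPING` uses it further down the file, a non-NULL `addr` without MAP_ALIGN then suppresses `_MAP_RANDOMIZE` even for a process that has PROC_SEC_ASLR enabled. "Not an alignment" is also easy to misread; it appears to mean that MAP_ALIGN is clear, so `addr` is a placement hint rather than an alignment value. I would reword it along the lines of `/* If set, mappings with a non-NULL 'addr' hint and without MAP_ALIGN are not randomized, even when ASLR is enabled for the process; leave at 0 unless hinted placement must be honoured. */`.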
@@ -593,10 +602,13 @@
vn_a.lgrp_mem_policy_flags = 0;
return (as_map(as, *addrp, len, segvn_create, &vn_a));
}
+#define RANDOMIZABLE_MAPPING(addr, flags) (((flags & MAP_FIXED) == 0) && \
+ !(((flags & MAP_ALIGN) == 0) && (addr != 0) && aslr_respect_mmap_hint))
+
static int
smmap_common(caddr_t *addrp, size_t len,
int prot, int flags, struct file *fp, offset_t pos)
{
struct vnode *vp;
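Review bot: `RANDOMIZABLE_MAPPING` expands `flags` and `addr` without parentheses, so an argument such as `a | b` would bind to `& MAP_FIXED` with the wrong precedence. The one call site visible on this page passes plain `*addrp` and `flags`, so this is latent rather than live. Parenthesize the arguments, `#define RANDOMIZABLE_MAPPING(addr, flags) ((((flags) & MAP_FIXED) == 0) && \` followed by `!((((flags) & MAP_ALIGN) == 0) && ((addr) != 0) && aslr_respect_mmap_hint))`, or turn it into a `static` function so the dependency on the global tunable is explicit. The macro also deserves a one-line comment saying that a hinted, non-MAP_ALIGN mapping is exempt from randomization only when `aslr_respect_mmap_hint` is set, because the comment at the call site in the next hunk still describes only the MAP_FIXED case.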
@@ -627,11 +639,11 @@
/*
* If it's not a fixed allocation and mmap ASLR is enabled, randomize
* it.
*/
- if (((flags & MAP_FIXED) == 0) &&
+ if (RANDOMIZABLE_MAPPING(*addrp, flags) &&
secflag_enabled(curproc, PROC_SEC_ASLR))
flags |= _MAP_RANDOMIZE;
#if defined(__sparc)
/*